Actions
Feature #1158
closed
CB
VJ
Parser DNS TXT data parsing and logging
Feature #1158:
Parser DNS TXT data parsing and logging
Effort:
Difficulty:
Label:
Description
I am trying to detect DNS Tunneling.
For this I use the DNS logger in Suricata 2.0.
But when TXT answers have lot of data, the DNS logger say '<no data>'.
Files
CB Updated by Christie Bunlon about 12 years ago
Sorry is not the parser but the DNS logger.
VJ Updated by Victor Julien about 12 years ago
- Status changed from New to Assigned
- Assignee set to Victor Julien
- Target version set to 2.0.1rc1
I think this is only matter of extending the dns loggers. If it turns out to be more involved it will likely go into 2.1.
VJ Updated by Victor Julien almost 12 years ago
- Target version changed from 2.0.1rc1 to 2.0.2
VJ Updated by Victor Julien almost 12 years ago
- % Done changed from 0 to 50
Please test: https://github.com/inliniac/suricata/pull/967
VJ Updated by Victor Julien almost 12 years ago
- Tracker changed from Bug to Feature
- Subject changed from Parser DNS no parsing TXT data to Parser DNS TXT data parsing and logging
CB Updated by Christie Bunlon almost 12 years ago
I have tested it but it seems still not working,saying again <no data> with 90dns22.pcap
VJ Updated by Victor Julien almost 12 years ago
I'm not getting any 'no data' with this branch, are you sure you tested the branch from pull request 967?
CB Updated by Christie Bunlon almost 12 years ago
Sorry, i made a mistake with my suricata.
It's logging correctly the answers now.
Thank you for your help. You can close the ticket. :)
VJ Updated by Victor Julien almost 12 years ago
- Status changed from Assigned to Closed
- % Done changed from 50 to 100
Actions